Cross-site Scripting (XSS) - Stored in evereux/flicket

Status: Valid

Reported on Sep 22nd 2021


Description

Stored XSS on the department deletion page, caused by unsanitized input in many places.

Proof of Concept

1. Create a new department with the name <img src=a onerror=alert(1) />
2. After creating the above department, click on the delete icon next to it and see the pop-up.
3. Create a new ticket with the title <img src=a onerror=alert(document.cookie)>
4. View the ticket and see the pop-up.
5. Go to the ticket and create a new reply with the content <img src=a onerror=alert(document.cookie)>, refresh the page and see the pop-up.
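The following is an added example, not flicket's code: it takes the payloads from the steps above, renders them through a hypothetical unescaped template string (the report does not show flicket's actual code path) and through an output-escaped version, and uses the standard-library HTML parser to check whether a browser would see an event-handler attribute in the result.

```python
import html
from html.parser import HTMLParser

# Payloads copied verbatim from the proof-of-concept steps above.
REPORT_PAYLOADS = [
    "<img src=a onerror=alert(1) />",              # department name (steps 1-2)
    "<img src=a onerror=alert(document.cookie)>",  # ticket title and reply (steps 3-5)
]


class EventHandlerFinder(HTMLParser):
    """Record every (tag, attribute) pair where the attribute is an on* event handler."""

    def __init__(self):
        super().__init__()
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us; self-closing
        # tags such as <img ... /> also arrive here via handle_startendtag.
        for name, _value in attrs:
            if name.startswith("on"):
                self.handlers.append((tag, name))


def find_event_handlers(fragment):
    """Return the event-handler attributes a browser would see in this HTML fragment."""
    parser = EventHandlerFinder()
    parser.feed(fragment)
    parser.close()
    return parser.handlers


def render_unsafe(department_name):
    # Hypothetical vulnerable pattern: the stored name is concatenated straight into markup.
    return f'<p>Delete department "{department_name}"?</p>'


def render_safe(department_name):
    # Mitigation: escape at output time so the stored value renders as text, not markup.
    return f'<p>Delete department "{html.escape(department_name, quote=True)}"?</p>'


if __name__ == "__main__":
    for payload in REPORT_PAYLOADS:
        print("unsafe:", find_event_handlers(render_unsafe(payload)))  # [('img', 'onerror')]
        print("safe:  ", find_event_handlers(render_safe(payload)))    # []
```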

Impact

Stored XSS leads to HTML injection, phishing, cookie theft, etc.

Timeline

We created a GitHub Issue asking the maintainers to create a SECURITY.md (a year ago)
M0rphling modified the report (a year ago)
M0rphling modified the report (a year ago)
M0rphling modified the report (a year ago)
We have contacted a member of the evereux/flicket team and are waiting to hear back (a year ago)
We have sent a third and final follow up to the evereux/flicket team. This report is now considered stale. (a year ago)
evereux validated this vulnerability (a year ago)
M0rphling has been awarded the disclosure bounty
The fix bounty is now up for grabs
evereux marked this as fixed in 0.2.7 with commit c0f92b (a year ago)
The fix bounty has been dropped
This vulnerability will not receive a CVE